Web Issues - Access Forbidden!

Discussion in 'Installation/Configuration' started by rytech, Sep 28, 2005.

  1. rytech

    rytech New Member

    I just installed ISPConfig using the SuSE 9.3 because I am more familiar with it and we use it on multiple servers here. After the setup, I tried acessing the webpage for the new site that i created, I get a message saying Access forbidden! - You don't have permission to access the requested directory. There is either no index document or the directory is read-protected.

    I know the reason I am getting the error, but not sure why I am getting the error. The reason is because the webserver is trying to access the /srv/www/htdocs directory rather than /srv/www/web1/web directory.

    The actual error message from log files is " Directory index forbidden by rule: /srv/www/htdocs/"

    Does anyone know how to change this so that I can get it to access the correct directories. All the email portion is working fine along with all DNS.

    I would like to really get this working because it will save us time in setting up our customers domains. Any help would be greatly appreciated. I noticed someone else had an error with this in another forum but there was no resolution except for he changed to another server.
     
    Last edited: Sep 28, 2005
  2. Ovidiu

    Ovidiu Active Member

    I am using Debian but I had to select advanced mode during install to point to the right web server folder - in the Debian howto Sarge it is indicated at the end of the tutorial that you have to do this if you want to use su-exec, I don't know about the Suse tutorial.

    But why don't you go to your ISPcfg administration pane land go to server settings select category web and I am sure you can set the path to your web there...
     
  3. falko

    falko Super Moderator

    Did you follow the tutorial for SuSE 9.3? http://www.howtoforge.com/perfect_setup_suse_9.3
     
  4. uralter_artifex

    uralter_artifex New Member

    Same issue here...

    Hello there,

    I followed Falko's tutorial on preparing SuSE 9.3 for ISPConfig and afterwards the installation howto on ispconfig.org. Everything works fine, except for the web access to subdirectories of the individual document root (/home/www/webXX/web). I can access the index.html via the browser, but when I try to access any subdirectories (including the individual error pages) Apache gives me an 403 error.
    The permissions are set to the site's admin (web1_adm.web1). "Chown -R wwwrun.www" and even "chmod -R 777" didn't solve it. A new installation from scratch with /srv/www as DocumentRoot had the same result.
    When I set up a new site manually without having it managed by ISPConfig, everything works fine. So I guess it must be an issue with ISPConfig's way on setting up SuSE's Apache2.
     
    Last edited: Sep 28, 2005
  5. rytech

    rytech New Member

    I followed the guide to installing the software. I also had a support guy log in and he could not see anything wrong with apache saying it should be working fine.

    I did install using expert mode and chose the directory according to the guide - "/srv/www". I think i agree with uralter_artifex and this could be a problem with ISPconfig and SuSE.

    I really like the SuSE package because it's really nice to use. If I have to change software any recommendations?
     
  6. till

    till Super Moderator

    Generally, ISPConfig works fine with SuSe 9.3 and SuSe 10, it has been tested many times.

    Are the vhosts written correctly to the file Vhost_ispconfig.conf or is the file empty?
    Are there any errors in the ispconfig logfile?

    /home/admispconfig/ispconfig/ispconfig.log
     
  7. uralter_artifex

    uralter_artifex New Member

    Thanks for the quick reply.
    The ispconfig.log shows no errors. The apache log has the line
    Code:
    [Wed Sep 28 12:59:18 2005] [error] an unknown filter was not added: PHP
    in it, but .php files work as long as they are in /home/www/web1/web and not in a subdirectory below that.

    The Vhosts_ispconfig.conf looks like this:
    Code:
    ###################################
    #
    # ISPConfig vHost Configuration File
    #         Version 1.0
    #
    ###################################
    #
    NameVirtualHost 85.214.25.27:80
    #
    #
    ######################################
    # Vhost: www.luxev-ratingen.de:80
    ######################################
    #
    #
    <VirtualHost 85.214.25.27:80>
    ServerName www.luxev-ratingen.de:80
    ServerAdmin webmaster@luxev-ratingen.de
    DocumentRoot /home/www/web1/web
    ServerAlias luxev-ratingen.de
    DirectoryIndex index.html index.php index.php5 index.php4 index.php3 index.shtml index.cgi index.pl index.jsp Default.htm default.htm
    ErrorLog /home/www/web1/log/error.log
    AddType application/x-httpd-php .php .php3 .php4 .php5
    <Files *.php>
        SetOutputFilter PHP
        SetInputFilter PHP
    </Files>
    <Files *.php3>
        SetOutputFilter PHP
        SetInputFilter PHP
    </Files>
    <Files *.php4>
        SetOutputFilter PHP
        SetInputFilter PHP
    </Files>
    <Files *.php5>
        SetOutputFilter PHP
        SetInputFilter PHP
    </Files>
    php_admin_flag safe_mode Off
    Alias /error/ "/home/www/web1/web/error/"
    ErrorDocument 400 /error/invalidSyntax.html
    ErrorDocument 401 /error/authorizationRequired.html
    ErrorDocument 403 /error/forbidden.html
    ErrorDocument 404 /error/fileNotFound.html
    ErrorDocument 405 /error/methodNotAllowed.html
    ErrorDocument 500 /error/internalServerError.html
    ErrorDocument 503 /error/overloaded.html
    AliasMatch ^/~([^/]+)(/(.*))? /home/www/web1/user/$1/web/$3
    AliasMatch ^/users/([^/]+)(/(.*))? /home/www/web1/user/$1/web/$3
    </VirtualHost>
    When I try to access the directory /home/www/web1/web/quickstart-3.8.0 which is part of typo3, Apache shows
    Code:
    Forbidden
    
    You don't have permission to access /quickstart-3.8.0/typo3/install/index.php on this server.
    
    Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
    Apache/2.0.53 (Linux/SUSE) Server at www.luxev-ratingen.de Port 80
    Permissions for these directories and files are still set to the site's admin (web1_adm.web).
    I created the subdirectoy /home/www/web1/web/test and copied the original index.html into it. That works perfectly. Does the number of subdirectories make a difference? Or the softlink in the typo3 files?
    There are no problems with typo3 on SuSE 9.3/Apache2 virtual hosts without ISPConfig.
     
    Last edited: Sep 28, 2005
  8. falko

    falko Super Moderator

    What are the permissions of quickstart-3.8.0/typo3/install/index.php? Maybe Apache is allowed to access the directories, but not the file index.php because it has no read permissions on that file.
     
  9. uralter_artifex

    uralter_artifex New Member

    Permissions for these directories, subdirectories and files are set to the site's admin (web1_adm.web).
    chmod -R 777 /home/www/web1/web/ -> still 403
    chown -R wwwrun.www /home/www/web1/web/ -> still 403
     
  10. rytech

    rytech New Member

    I reinstalled SuSE on the machine, works fine now.

    Thanks for the help
     
  11. uralter_artifex

    uralter_artifex New Member

    ISPConfig & typo3

    Hello there,

    still getting 403 here.
    I will do some testing whether this problem is specific for typo3 on ISPConfig. Has anyone managed to install both on SuSE 9.3?

    Thanks for your hints and suggestions.
     
  12. jaffaizal

    jaffaizal New Member

    Rytech,

    Did you have to reinstall ISPconfig again?
    I am experiencing the same problem as 'uralter_artifex'.

    BTW, I am using typo3 3.8.1
    Placed the typo3_src-3.8.1 folder in '/home/www/web13'
    Placed quickstart-3.8.1 folder in '/home/www/web13', then rename it to 'web'

    Jaf
     
  13. falko

    falko Super Moderator

    You must put all your files into /home/www/web13/web, not /home/www/web13.
     
  14. SkyBlueshoes

    SkyBlueshoes New Member

    having the same problem with Debian

    I just transferred over my previous site and I'm getting some of these same errors. My index page is index.php and it reads fine, but it can't read the images from the subdirectory /home/www/web1/web/img/, nor is my php able to write to text files. I have a simple counter that uses flatfiles and it gives me this error:

    Warning: fopen(ip.txt): failed to open stream: Permission denied in /home/www/web1/web/footer.php on line 29

    I tried to go directly to the image file and I recieved a 500 internal server error, also getting this error when trying to access any files within subdirectories of docroot: eg: /home/www/web1/web/subdirectory/anyfile.php

    I'm also having another problem when trying to add mailbox users for the site: The username is already in use.



    Is there a solution to this? should Apache2 run as a different user:group?
     
    Last edited: May 28, 2006
  15. till

    till Super Moderator

    Thsts a common pronblem. Either you must make the directorys world writable, which is pretty insecure or you must run PHP as php-cgi with suexec or with the mod_suphp wrapper.
     
  16. elCorazon

    elCorazon New Member

    are you serious?

    Hi
    did I get that right? If I want the webserver being able to read/write PHP and directories I have to make them world read/writable?

    I installed ISPConfig a few days ago and it seemed to be a good system to me. But now I have some Problems:
    1. I have to configure an open_basedir other than the users root itself. I solved that, by inserting it by hand in /root/ispconfig/scripts/lib/config.lib.php line 1363 (Version 2.2.3).
    2. The permission problem: I don't want my webroots to be world readable least of all world writable. ISPConfig resets the permissions some way, but I'm not shure what it does and when. My favourite setup would be
    /var/www/webX 775 webX_admin:webX
    /var/www/webX/web 770 www-data:webX
    /var/www/webX/web/all-dirs 770 www-data:webX
    /var/www/webX/web/all-files 660 www-data:webX

    Could one of the developers please write in short what ISPConfig does?
    Thanks a lot!
     
  17. till

    till Super Moderator

    No. You have just read the first part of the sentence. The alternative is:

     
  18. elCorazon

    elCorazon New Member

    OK, sorry for not writing that: ...with running PHP as module. My question was if a permission setting like the described would be possible or what ISPConfig sets the permissions to.
     
  19. salamankero

    salamankero New Member

    Access Forbidden

    My issue seems to be similar to this, but not quite exact.

    I installed this on an existing fedora core 3 system using the perfect install guide. When I setup a site and tried to access it, I would always get the default Apache site. After looking through the httpd.conf file I noticed there was no include for the Vhosts_ispconfig.conf file. I also looked at the Server Settings and noticed that the directory/filename for the httpd.conf file was wrong.

    I added the correct path to the conf dir, and the full path to the httpd.conf file in Server Settings, deleted and recreated my site, and added an Include in Apache's httpd.conf file to include the Vhosts_ispconfig.conf file. When I do a reload of apache I get:

    (13)Permission denied: httpd: could not open error log file /home/www/web6/log/error.log.
    Unable to open logs


    in my /etc/httpd/logs/error_log file and

    Starting httpd: Warning: DocumentRoot [/home/www/web5/web] does not exist
    [FAILED]


    to the console.

    I have tried playing with file permissions and ownerships, but nothing has helped. I am wondering if during the setup process ISPConfig didn't know where to find my httpd.conf file so some changes didn't get made there (say a Directory permission setting).

    I was hoping someone could send me a copy of their httpd.conf file or give me a solution to my problem that I may not be thinking of.

    Thanks in advance!

    Sal...
     
  20. falko

    falko Super Moderator

    ISPConfig sets all directories underneath /var/www/webX/web to webX_admin:webX, with the directories having permissions of 755.

    You can make all webs use PHP Safe Mode, so that no PHP scripts can break out of their web site, and/or you can use suPHP: http://www.howtoforge.com/apache2_suphp_php4_php5
     

Share This Page